package tezos-plonk

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type

Parameters

Signature

module PC = PC
include Plonk.Polynomial_protocol.S with module PC := PC

Module to operate with polynomials in FFT evaluations form.

type prover_public_parameters = PC.Public_parameters.prover

The type of prover public parameters.

val prover_public_parameters_t : prover_public_parameters Repr.t
type verifier_public_parameters = PC.Public_parameters.verifier

The type of verifier public parameters.

val verifier_public_parameters_t : verifier_public_parameters Repr.t

The type for prover identities: functions from a (string) map of polynomials in FFT evaluations form to a (string) map of evaluated identities (also polynomials in FFT evaluations form).

The type for verifier identities: functions which map an evaluation point ξ an a PC.answer into a (string) map of evaluated identities.

A type to involve in the identities computations corresponding to (public) polynomials that have not been committed by the prover. It maps an evaluation point ξ and a PC.answer into a (string) map of evaluated (non-committed) polynomials.

type transcript = PC.transcript

The type for transcripts, used for applying the Fiat-Shamir heuristic

val transcript_t : transcript Repr.t
type proof = {
  1. cm_t : PC.Commitment.t;
  2. pc_proof : PC.proof;
  3. pc_answers : PC.answer list;
}

The type for proofs, containing a commitment to the polynomial T that asserts the satisfiability of the identities over the subset of interest, as well as a PC proof and a list of PC answers.

val proof_t : proof Repr.t
type eval_point =
  1. | X
  2. | GX
  3. | Custom of string * PC.Scalar.t -> PC.Scalar.t

The type for evaluation points. Either X, GX, or a custom point, which must be specified by an evaluation point name paired with a function that computes it from ξ. For example:

  • X could be implemented as Custom ("x", Fun.id)
  • GX could be implemented as Custom ("gx", fun x -> Scalar.mul generator x).
val convert_eval_points : generator:PC.Scalar.t -> x:PC.Scalar.t -> eval_point list -> PC.Scalar.t Plonk.SMap.t

convert_eval_points gen x points maps the polynomial protocol points : eval_point list into scalars, by evaluating the underlying "composition" polynomial at x. The generator gen is used in case the eval_point equals GX, in which case the resulting scalar is x * gen.

val get_answer : PC.answer -> eval_point -> string -> PC.Scalar.t

get_answer answers p name extracts the evaluation of polynomial name at point p from the given answers.

val merge_prover_identities : prover_identities list -> prover_identities

A function to merge a list of prover identities into one.

val merge_verifier_identities : verifier_identities list -> verifier_identities

A function to merge a list of verifier identities into one.

val compute_t : n:int -> alpha:PC.Scalar.t -> nb_of_t_chunks:int -> Evaluations.t Plonk.SMap.t -> Evaluations.polynomial Plonk.SMap.t

compute_t ~n ~alpha evaluations returns a polynomial T splitted in chunks, where T(X) = (sum_i alpha^i evaluations[i]) / (X^n - 1) and the returned chunks { 'T_0' -> T0; 'T_1' -> T1; 'T_2' -> T2 } are such that T = T0 + X^n T1 + X^{2n} T2.

The polynomial commitment setup function, requires a labeled argument of setup parameters for the underlying PC and a labeled argument containing the path location of a set of SRS files.

val prove : prover_public_parameters -> transcript -> n:int -> generator:PC.Scalar.t -> secrets: (PC.Polynomial.Polynomial.t Plonk.SMap.t * PC.Commitment.prover_aux) list -> eval_points:eval_point list list -> evaluations:Evaluations.t Plonk.SMap.t -> identities:prover_identities -> nb_of_t_chunks:int -> proof * transcript

The prover function. Takes as input the prover_public_parameters, an initial transcript (possibly including a context if this prove is used as a building block of a bigger protocol), the size n of subgroup H, the canonical generator of subgroup H, a list of secrets including polynomials that have supposedly been committed (and a verifier received such commitments) as well as prover auxiliary information generated during the committing process, a list of evaluation point lists specifying the evaluation points where each secret needs to be evaluated at, a map of the above-mentioned polynomials this time in FFT evaluations form, for efficient polynomial multiplication, and some prover_identities that are supposedly satisfied by the secret polynomials. Outputs a proof and an updated transcript.

val verify : verifier_public_parameters -> transcript -> n:int -> generator:PC.Scalar.t -> commitments:PC.Commitment.t list -> eval_points:eval_point list list -> ?non_committed:non_committed -> identities:verifier_identities -> proof -> bool * transcript

The verifier function. Takes as input the verifier_public_parameters, an initial transcript (that should coincide with the initial transcript used by prove), the size n of subgroup H, the canonical generator of subgroup H, a list of commitments to the secret polynomials by the prover, a list of evaluation points as in prove, some verifier_identities, and a proof. Outputs a bool value representing acceptance or rejection.

type prover_aux = {
  1. answers : PC.Scalar.t SMap.t SMap.t list;
  2. batch : PC.Scalar.t SMap.t list;
  3. alpha : PC.Scalar.t;
  4. x : PC.Scalar.t;
  5. r : PC.Scalar.t;
  6. cm_answers : PC.Scalar.t;
}
type verifier_aux = {
  1. alpha : PC.Scalar.t;
  2. x : PC.Scalar.t;
  3. r : PC.Scalar.t;
}
val poseidon : PC.Scalar.t array -> PC.Scalar.t
val prove_super_aggregation : prover_public_parameters -> transcript -> n:int -> generator:PC.Scalar.t -> secrets:(PC.Polynomial.Polynomial.t SMap.t * PC.Commitment.prover_aux) list -> eval_points:eval_point list list -> evaluations:Evaluations.t SMap.t -> identities:prover_identities -> nb_of_t_chunks:int -> (proof * prover_aux) * transcript
val verify_super_aggregation : verifier_public_parameters -> transcript -> n:int -> generator:PC.Scalar.t -> commitments:PC.Commitment.t list -> eval_points:eval_point list list -> s_list:PC.Scalar.t SMap.t list -> cm_answers:PC.Scalar.t -> proof -> (bool * verifier_aux) * PC.transcript
OCaml

Innovation. Community. Security.